Statistical Secrecy and Multibit Commitments

We present and compare definitions of "statistically hiding" protocols, and we propose a novel statistically hiding commitment scheme. Informally, a protocol statistically hides a secret if a computationally unlimited adversary who conducts the protocol with the owner of the secret learns almost nothing about it. One definition is based on the L1-norm distance between probability distributions, the other on information theory. We prove that the two definitions are essentially equivalent. We also show that statistical counterparts of definitions of computational secrecy are essentially equivalent to our main definitions. Commitment schemes are an important cryptologic primitive. Their purpose is to commit one party to a certain value, while hiding this value from the other party until some later time. We present a statistically hiding commitment scheme allowing commitment to many bits. The commitment and reveal protocols of this scheme are constant-round, and the size of a commitment is independent of the number of bits committed to. This also holds for the total communication complexity, except of course for the bits needed to send the secret when it is revealed. The proof of the hiding property exploits the equivalence of the two definitions.
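As an added worked example (this is not code from the paper, and the paper's own commitment scheme is not reproduced here), the two hiding measures that the abstract compares are computed exactly for a toy commitment: a Pedersen-style commitment c = g^m h^r in the order-11 subgroup of Z_23^*. The group parameters, the message space and the three randomness spaces are all constructed for illustration and are far too small for any real use. With randomness uniform in Z_11 every message induces the same commitment distribution, so both the L1-norm distance between any two messages' distributions and the mutual information I(M;C) are 0; with slightly skewed randomness both are small but positive; with far too little randomness both are large. The three cases show the two quantities moving together, which is the behaviour the equivalence result in the abstract describes in general.

```python
"""Two measures of 'statistical hiding' applied to a toy commitment scheme.

Constructed example: a Pedersen-style commitment c = g^m * h^r in the order-11
subgroup of Z_23^*.  The group is chosen so that every commitment distribution
can be enumerated exactly; it offers no security.
"""
from collections import Counter
from fractions import Fraction
from itertools import combinations
import math

P, Q = 23, 11        # Q divides P-1; the quadratic residues mod 23 form the order-11 subgroup
G, H = 2, 3          # two elements of order 11 mod 23 (2^11 = 3^11 = 1 mod 23); log_G(H) = 8

MESSAGES = range(Q)               # the committer may commit to any m in Z_Q
FULL_RANDOMNESS = range(Q)        # r uniform in Z_Q: the intended scheme
SKEWED_RANDOMNESS = range(Q + 1)  # r in {0..11}: r=0 and r=11 give the same h^r, so r mod Q is slightly non-uniform
LEAKY_RANDOMNESS = range(3)       # r in {0,1,2}: far too little randomness


def pedersen_commit(m: int, r: int) -> int:
    """Commit to m with randomness r (toy parameters; an assumption of this example)."""
    return (pow(G, m, P) * pow(H, r, P)) % P


def commitment_distribution(commit, m, randomness):
    """Exact distribution of commit(m, r) for r uniform over `randomness`, as Fractions."""
    counts = Counter(commit(m, r) for r in randomness)
    return {c: Fraction(k, len(randomness)) for c, k in counts.items()}


def l1_distance(dist_a, dist_b):
    """L1-norm distance sum_x |A(x) - B(x)|.  The statistical distance is half of this."""
    support = set(dist_a) | set(dist_b)
    return sum(abs(dist_a.get(x, 0) - dist_b.get(x, 0)) for x in support)


def max_l1_distance(commit, messages, randomness):
    """Worst case over all message pairs: the quantity a hiding definition based on the L1 norm bounds."""
    dists = [commitment_distribution(commit, m, randomness) for m in messages]
    return max(l1_distance(a, b) for a, b in combinations(dists, 2))


def mutual_information_bits(commit, messages, randomness):
    """I(M; C) in bits, for M uniform over `messages` and r uniform and independent of M."""
    joint = Counter((m, commit(m, r)) for m in messages for r in randomness)
    total = len(messages) * len(randomness)
    marginal_c = Counter()
    for (m, c), k in joint.items():
        marginal_c[c] += k
    p_m = Fraction(1, len(messages))
    info = 0.0
    for (m, c), k in joint.items():
        p_mc = Fraction(k, total)
        p_c = Fraction(marginal_c[c], total)
        # Ratio kept exact so a perfectly hiding scheme yields log2(1.0) == 0.0 exactly.
        info += float(p_mc) * math.log2(float(p_mc / (p_m * p_c)))
    return info


if __name__ == "__main__":
    cases = [("full", FULL_RANDOMNESS), ("skewed", SKEWED_RANDOMNESS), ("leaky", LEAKY_RANDOMNESS)]
    for name, rand in cases:
        dist = max_l1_distance(pedersen_commit, MESSAGES, rand)
        info = mutual_information_bits(pedersen_commit, MESSAGES, rand)
        print(f"{name:7s} randomness: max L1 distance = {str(dist):5s}  I(M;C) = {info:.4f} bits")
```

Running the file prints the three cases. The L1 distance reported is the full sum over the support; the statistical distance usually quoted is half of it, and that half is exactly the advantage an unbounded receiver has in telling two committed messages apart. In the leaky case the distance reaches its maximum of 2 for messages whose commitment supports are disjoint, and I(M;C) = log2(11/3) bits of the log2(11) bits of the message leak.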
